A Bitcoin replica launched with the aim of discouraging miners from forming pools and gaining a monopoly over its network has been compromised.
Mark Nesbitt, a security expert, revealed that the blockchain of Vertcoin, a peer-to-peer PoW cryptocurrency, is under a 51% attack. The Coinbase engineer found that some anonymous cybercriminals rented a large amount of ASIC hash rate to attack the four-year-old cryptocurrency network. They eventually got hold of more than 50% of the mining hash rate, which allowed them to literally own and govern the Vertcoin public chain.
The integrity of a PoW cryptocurrency depends on the distributed nature of its network. It is considered decentralized when no miner or mining pool possesses more than 50% of the network hash rate. If a mining entity gains control of the majority of the hash power, it can create separate blocks starting from any arbitrary previous block, producing two versions of the same blockchain. And if the alternative blockchain, controlled by a single entity, starts producing more blocks than the rest of the network, it can lead to a situation termed a chain reorganization.
To make matters worse, if a miner holds a large number of coins, it can also launch a double-spending attack on the network. For instance, a miner can initiate a transaction on the main chain and replicate the same transaction on the alternative fake chain as well. As a result, both transactions send the same coin, and only one of them can be confirmed while the other remains invalid.
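The reorganization and double spend described above can be detected by comparing a node's best chain before and after the switch. The following Python is an added example, not code from the article or from Nesbitt's analysis; the block and transaction model, all names and the sample chains are constructed assumptions.

```python
from collections import namedtuple

# Simplified model (assumption): inputs are spent outpoints written "txid:index".
Tx = namedtuple("Tx", "txid inputs")
Block = namedtuple("Block", "hash txs")

def analyze_reorg(old_chain, new_chain):
    """Compare the best chain a node saw before and after a reorganization.

    Both arguments are lists of Block ordered from genesis to tip.
    """
    # Fork height = length of the common prefix of the two chains.
    fork = 0
    for old_blk, new_blk in zip(old_chain, new_chain):
        if old_blk.hash != new_blk.hash:
            break
        fork += 1
    orphaned, replacing = old_chain[fork:], new_chain[fork:]

    # Which transaction spends each outpoint on the winning branch.
    spent_by = {op: tx.txid for b in replacing for tx in b.txs for op in tx.inputs}
    remined = {tx.txid for b in replacing for tx in b.txs}

    double_spends = []
    for blk in orphaned:
        for tx in blk.txs:
            if tx.txid in remined:
                continue  # same transaction confirmed again: not a double spend
            conflicts = sorted({spent_by[op] for op in tx.inputs if op in spent_by})
            if conflicts:
                double_spends.append((tx.txid, conflicts))
    return {"fork_height": fork, "depth": len(orphaned), "double_spends": double_spends}

# Constructed sample: a deposit confirmed on the old branch is replaced by a
# conflicting spend of the same coin on a longer branch.
COMMON = [Block("g", []), Block("b1", [])]
OLD = COMMON + [Block("b2a", [Tx("deposit", ("coin:0",))]),
                Block("b3a", [Tx("pay", ("other:1",))])]
NEW = COMMON + [Block("b2b", [Tx("self_send", ("coin:0",))]),
                Block("b3b", [Tx("pay", ("other:1",))]),
                Block("b4b", [])]

if __name__ == "__main__":
    print(analyze_reorg(OLD, NEW))
```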
“In 4 distinct incidents, the latest of which is currently ongoing, Vertcoin (VTC) experienced 22 deep chain reorganizations, 15 of which included double spends of VTC,” explained Nesbitt. “We estimate that these attacks could have resulted in a theft of over $100,000. The largest reorg was over 300 blocks deep.”
Nesbitt warned exchanges involved in the trading of PoW-based altcoins of potential losses, blaming their lack of effective countermeasures.
“This is because exchanges allow deposits to be quickly traded into different assets and then withdrawn,” he emphasized. “An attacker can make a soon-to-be-reversed deposit, trade for another asset, move the new asset off the platform, and then reverse the original deposit.”
Nesbitt cited similar incidents that have taken place in the industry this year, naming BTG, XVG, and MONA. They all eventually got delisted from some of the significant global cryptocurrency trading platforms.
“I encourage you to patronize exchanges that place the security of customer funds as their highest priority,” Nesbitt affirmed.
Last modified: May 20, 2020 2:18 PM UTC